How Google keeps your secrets private

@CNNMoneyTech January 26, 2012: 8:24 AM ET
hacking-locked.ju.top.jpg

NEW YORK (CNNMoney) -- How does a company that collects so much information from its users keep all that data private?

Meet Alma Whitten, Google's director of privacy.

At the end of a miserable 2010 filled with privacy blunders including the disastrous Google Buzz fiasco, Google appointed Whitten to the position of privacy director. Since then, Whitten has instituted what she calls a "culture of privacy" at the company. So far it has been paying off.

Over the course of the past year, Google (GOOG, Fortune 500) has released new privacy tools, put in place a multifaceted structure to ensure users' privacy, and built in fail-safes to make sure nothing falls between the cracks.

"We've made incredible progress on this over the past year," said Whitten in an interview with CNNMoney that took place last month. "We've built the car, and now we're just doing the tune-up."

As part of that tune-up, Google on Tuesday made the major announcement that it has streamlined its privacy policy. Instead of 70 policies across each of its products -- search, maps, Gmail, etc. -- Google will consolidate most of them into a single, shorter, privacy agreement. Whitten wrote in a blog post Tuesday that the move is designed to add clarity to Google's privacy stance.

Google has begun notifying its users of the changes. The company also began a massive publicity campaign this month, putting advertisements about privacy in major cities throughout the country.

The company is ramping up its privacy initiative as the Federal Trade Commission is keeping a watchful eye on the search giant. Last March, Google agreed to submit an independent privacy review to the government for the next 20 years after the company inadvertently revealed some users' e-mail contact lists to the public in its February 2010 release of the Buzz social network.

That was a turning point for the company. Still reeling from the Buzz nightmare, the company in October 2010 hired Whitten -- an engineer -- to head up its new privacy initiative.

It appeared to be a curious choice at first. But Whitten's roots as an in-the-trenches software nerd allowed her to change Google's privacy approach for the better.

Forming a privacy culture

Prior to Whitten's appointment as director of privacy, Google had a "privacy review" for each new product. Whitten described that review as "a cacophony, rather than a harmonized message that delivered strong guidance."

In its place, Whitten created an internal structure called the Privacy Working Group. Google hired people with expertise in specific areas of privacy like data anonymization, location awareness, and advertising. The company then put those experts into sub-groups.

When a new product comes along, the subgroups analyze the products and determine things that the engineers may have missed, such as whether a user's location data is sufficiently separated from data that goes to advertisers.

The company also put in place several fail-safes to ensure that privacy decisions are never made by just one person.

"We don't want to have a situation where a decision is being made about something sensitive, where someone thinks the code is doing one thing, but it's actually doing something else," Whitten told CNNMoney..

As a result, Google now makes engineers go deep down into each new product's code to verify the Privacy Working Group experts' understanding of the code before a decision is made.

Whitten says her most important achievement, however, has been building privacy into Google's culture.

One way Google achieved that was by linking privacy to staff evaluations. When Googlers are up for promotions, one factor that's weighed is whether they ingrained privacy into their products and effectively used the Privacy Working Group.

Whitten said the initiative has been a success, and many Googlers have felt empowered by the changes she has instituted. Privacy is no longer a burden to Google's staff, she said. Instead, Google engineers view getting privacy right as business-critical.

As Google's products begin to flow into one another, getting privacy right will be a crucial task going forward. Search Plus Your World, Google's new search tool that displays social network information in search results, has already raised some eyebrows.

"Our users are our biggest business asset; that's the No. 1 thing that we can't screw up," Whitten said. "That's why making sure Google has a really good privacy process helps me sleep at night." To top of page

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.